天美影院

Data we collect

The Department for Education (DfE) and its executive agencies have legal powers to collect data about individuals in the children鈥檚 services, education, apprenticeships, and wider skills training sectors, in England.

This data forms a significant part of our evidence base.

We use it:

• 颈苍听find and compare schools in England
• 颈苍听adoption scorecards
• 颈苍听statistical releases
• 迟辞听evaluate and inform educational policy
• to assess funding for local authorities and schools
• to assess the success of the apprenticeship scheme
• to consider workforce salaries and pay increases

翱耻谤听personal information charter聽details the standards we follow when we collect personal data.

Why we share data

DfE聽and its executive agencies are responsible for ensuring the provision of education and children鈥檚 services is effective and efficient. The following set of principles help us to approve or reject any project proposals which involve sharing personal level data with external organisations.

DfE聽shares personal data:

• where there is a clear benefit to the education or children鈥檚 services sector
• to inform debate
• that is able to benefit a sizeable section of the target sector and is not solely for commercial gain
• to encourage the research community to work collaboratively with the department and build the evidence base together 鈥� where the research is likely to have a significant impact,聽DfE聽will ensure third parties use appropriate methodologies and make good use of peer review
• where the project is aligned 迟辞听DfE鈥檚 research聽areas of interest
• for secondary research, where:
  • it is commissioned, funded, sponsored or supported by聽DfE听辞谤 the wider education and children鈥檚 services sector
  • it drives behaviour which is consistent with聽DfE听辫辞濒颈肠测
  • the output does not duplicate聽, publications or other services offered by聽DfE

Who we share data with

You can search and find聽DfE聽external data shares聽of all ongoing personal level data sharing delivered through data sharing agreements, including an update on police, Home Office and Family Court Order use of limited parts of our data when they have clear evidence of criminal activity.

How we share data

DfE聽and its executive agencies will ensure that any projects that are permitted to work with our data are fully compliant with聽聽and are subject 迟辞听the 5 safes聽framework. Together, we ensure that safe people access our safe data for safe projects in safe settings to produce safe outputs.

DfE聽will only share data with a third party where we have a lawful basis for the data share. That lawful basis will be based on the specifics of each data request and on the personal data they are seeking to use. For example,聽DfE聽may use article 6(1)(e) 鈥榩ublic task鈥� as the lawful basis where the task or function has a clear basis in law.

The following are some examples of legal powers we have used to share personal data which support the use of public task.

聽allows us to share pupils鈥� personal data with certain third parties, including:

• schools
• local authorities
• researchers
• organisations connected with promoting the education or wellbeing of children in England
• organisations fighting or identifying crime
• other specified crown and public bodies

罢丑别听聽permit the sharing of individual child information from early years providers with persons who are conducting research into the educational achievements of children.

罢丑别听聽permit the sharing of data about children in alternative provision with persons who are conducting research into the educational achievements of children.

罢丑别听聽permits the sharing of learner data to enable or facilitate the exercise of any function of the聽DfE聽relating to education or training.

罢丑别听聽covers the sharing of learner data in connection with the exercise of an assessment function defined as:

• evaluating the effectiveness of training or education
• assessing policy in relation to the provision of training or education
• assessing policy in relation to social security or employment as it affects the provision of or participation training or education

罢丑别听聽permits the sharing of a subset of data for learners in further education data with persons who, for the purpose of promoting the education or well-being of students in England, are conducting research or analysis, producing statistics, or providing information, advice or guidance.

罢丑别听聽covers the sharing of children鈥檚 services data to assist other persons in conducting research into any matter connected with a number of specified functions of the department or local authorities.

Section 8 of , made under section 114 of the Education Act 2005, permits the sharing of data with persons conducting research relating to qualifying workers or qualifying trainees which may be expected to be of public benefit.

罢丑别听聽permits the sharing of Universities and Colleges Admissions Service (UCAS) data to approved persons doing:

• research into the choices available to individuals who are either:
  • applying for admission to higher education courses provided by English higher education providers
  • considering whether to accept an offer for admission on such a course from such a provider
• research into equality of opportunity
• research areas approved by the Secretary of State

Chapter 5 of Part 5 of the聽聽facilitates the linking and sharing of de-identified data by public authorities for accredited research purposes in the public good. It is designed to support the UK research community, both within government and beyond.

DfE鈥檚 vision for sharing data

Where data聽is available聽through聽an聽ONS聽trusted research environment聽under the Digital Economy Act (DEA), project applications聽are聽managed through the or .

Where data is聽available through the UK聽Data Service (UKDS) trusted research environment under the Digital Economy Act (DEA), project applications聽are managed 迟丑谤辞耻驳丑听迟丑别 .

Where data聽is not available聽through ONS or UKDS, project applications聽are聽managed by the DfE Data Sharing Service under DfE legislation with access granted聽either:

• 迟丑谤辞耻驳丑听迟丑别 ONS SRS by default
• by聽direct transfer where a trusted research environment is not suitable and data security requirements are聽met

This system聽is designed 迟辞听expediate聽access to DfE data,聽reducing聽burdens on researchers and DfE by virtue of a simpler, and much quicker, end-to-end service for shares under DEA and allow DfE to focus its efforts on聽new, complex听辞谤 high-risk requests.

DfE聽will only share personal data under聽DEA聽which has already been de-identified data by聽ONS听辞谤 UKDS as service providers and聽DEA聽accredited processors for disclosure.

You can find out more about how the聽. All research projects under聽DEA聽are consistently accredited using the聽Research Code of Practice and Accreditation Criteria聽which was approved by the UK Parliament in July 2018. As the statutory accrediting body, the聽聽has also established a聽聽to oversee the independent accreditation of processors, researchers and research projects.

Information about applying for聽DfE聽personal data聽is available.

Five safes

础濒濒听DfE聽data, whether accessed via聽ONS聽RAS or the聽DfE聽data sharing service, will be subject to the 5 safes:

• safe settings
• safe people
• safe projects
• safe outputs
• safe data framework for how we protect data

Safe settings

Our routes for sharing personal data for research purposes is through the聽ONS聽Secure Research Service (SRS), Integrated Data Service (IDS) or UK Data Service (UKDS). This is a safer way to access data compared with the transfer of data files to individual organisations.

It鈥檚 not always suitable to get data through the聽ONS or UKDS. If you鈥檙e receiving data directly from us, we make sure that data is only provided to your organisation and held in a safe setting by checking:

• your organisation鈥檚 IT and building security
• you don鈥檛 keep the data for longer than allowed

Safe people

We only share our data with people we trust to use it safely and responsibly.

To access personal data via聽ONS SRS听辞谤 IDS, you have to:

• be approved by us
• sign an individual declaration form to confirm that you abide by our data sharing agreement

To receive personal data directly from us, you have to:

• provide evidence that your organisation applies appropriate vetting of individuals intending to use government data
• sign an individual declaration form to confirm that you abide by our data sharing agreements
• complete recognised data protection and information security training

Safe projects

We have a senior board, the data sharing approval panel (DSAP), which makes sure all external requests for personal data meet our聽data sharing principles聽and are:

• legal
• ethical
• proportionate
• secure

The board includes senior internal and external data experts who meet regularly to consider cases and approve or reject requests.

厂别别听聽(PDF,聽209 KB,聽10 pages)聽for more information.

Safe outputs

When applying to receive our data, you have to:

• make it clear how you intend to use the data
• follow the relevant agreement and schedule for the data share

When working through the聽SRS听辞谤 IDS, if you want to use the results from your analysis outside of the service these will be checked by聽ONS. They鈥檒l make sure the outputs protect data confidentiality and can鈥檛 be used to identify any specific individuals or organisations.

Safe data

We now classify all persona data leaving us against 2 criteria:

• the risk that an individual could be identified
• how sensitive the data item is

This makes it easier for us to be transparent about:

• what kind of data we share with third parties
• our decision making

Safe data classification framework

When applications for personal data are made, we use these classifications to scrutinise the data request to make sure that:

• we only share data proportionate to the intended purpose
• we are comfortable with the level of protection around the individual鈥檚 identity that is built within the dataset we are allowing the third party to access

We also use these classifications for checking the additional conditions of processing which is a legal requirement.

We publish the risk of identification and sensitivities in the聽DfE聽external data shares.

Assessing the risk of identification

We use 6 levels of identification risk to describe data.

Level 1: instant identifiers

Examples of personal level data that instantly identify an individual within a dataset include:

• full names
• full addresses
• email addresses
• phone numbers
• IP addresses

Level 2: meaningful identifiers

These are identifiers that are assigned to people such as a:

• NHS number
• national insurance number

In education, pupils have identifiers such as:

• unique pupil numbers
• unique learner numbers
• national candidate numbers

We call these meaningful identifiers because they:

• directly identify the individual
• are often known by the individual
• can easily be used to link other educational data

A meaningful identifier could be combined with other data, increasing the chance of identification.

Where possible, we鈥檒l:

• avoid sharing instant or meaningful identifiers
• aim to limit data-sharing to data with a risk of identification set at level 3 or below

If there鈥檚 a need to identify an individual, we鈥檒l ensure that:

• it鈥檚 justified
• it鈥檚 proportionate to the intended purpose
• we build an adequate level of protection into each instance of data-sharing

The classification of all data extracts with risk of identification level 1 or 2, will be published as 鈥榠dentifiable personal level data鈥�.

Level 3: meaningless identifiers

A lot of research is interested in how individual pupils progress over time. To achieve this whilst safeguarding the individual鈥檚 identity, we make use of identifiers that have no meaning outside of our data.

These are less risky than meaningful identifiers as they can鈥檛 be used to join our data to non-DfE听诲补迟补.

Level 4: non-identifiers with higher identification risk

Within our personal level data, there are data variables that do not fall into level 1, 2 or 3 but can still be joined together to identify individuals.

Even if the names, addresses, meaningful reference numbers have all been taken out of the data we know there is still a risk that certain variables could result in an individual being identified. This is what we class as 鈥榬e-identification risk鈥�.

Assessing re-identification risk is not an exact science. We鈥檝e consulted experts in the field and have found that certain combinations are more risky than others. For example the risk increases if we include:

• number of siblings
• the school a child attends
• postcode of home address

We identify these combinations within the data requested and then question whether they are essential to the project purpose or research.

Level 5: non-identifiers with lower identification risk

This is the level of identification risk we give to data variables that do not meet any of the above criteria.

The classification of all data extracts with risk of identification level 3, 4 or 5, will be published as 鈥榙e-identified personal level data (with re-identification risk)鈥�.

Level 6: aggregate or suppressed data

We use these terms to describe the method of aggregating data. These data shares do not come 迟辞听DSAP.

Where there are small numbers of individuals within the aggregated data, the appropriate levels of suppression are applied to make sure there is only an extremely remote risk of identification.

Assessing the sensitivity of data

We use 5 categories to describe the sensitivity of data.

A. Public commitment that this data will never leave the department

There are a few data variables that we have publicly committed will only be used for internal departmental purposes. This category is used to make sure that those commitments are embedded into all data governance processes.

Any request including sensitivity A data would be rejected by聽DSAP.

B. Highly sensitive data about interactions with children鈥檚 services.

We collect data about the interactions some children have with children鈥檚 services, such as being:

• fostered
• looked after
• adopted

We consider this as highly sensitive. Sharing this data for research purposes (using appropriate levels of data safeguarding) helps us to understand more about the children鈥檚 experience of these interventions to improve children鈥檚 services outcomes.

Sensitivity B data undergoes an additional level of scrutiny by the children鈥檚 services teams on top of聽DSAP听蝉肠谤耻迟颈苍测.

C. Sensitive data not captured as a special category under聽GDPR

The law defines areas of personal data that are particularly sensitive for individuals as聽鈥榮pecial categories鈥�.

Within education, we believe that there are variables that citizens would treat as equally sensitive, but are not covered 颈苍听GDPR, such as free school meal eligibility.

We use this category to make sure such variables are thought about in the same way as聽GDPR聽special category data during our decision-making processes, even if legally there are differences.

Sensitivity C data will undergo the same level of scrutiny as if they were sensitivity D data.

D. Sensitive data captured as a special category under聽GDPR

GDPR聽special categories are clearly set out in law. Most relevant in the context of education data are:

• ethnicity
• disability
• elements of special educational need (SEN) that have a health context

Sensitivity D data requests require additional conditions of processing to be justified, as set out in law, before聽DSAP聽can consider it for data sharing.

E. Other

Data that does not fit into any of the other 4 categories, such as exam results.